Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(143)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: src/builtins/builtins-function.cc

Issue 2199343002: Do an access check before compiling code via eval() (Closed) Base URL: https://chromium.googlesource.com/v8/v8.git@master
Patch Set: updates Created 4 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « src/builtins/builtins.cc ('k') | src/builtins/builtins-global.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2016 the V8 project authors. All rights reserved. 1 // Copyright 2016 the V8 project authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "src/builtins/builtins.h" 5 #include "src/builtins/builtins.h"
6 #include "src/builtins/builtins-utils.h" 6 #include "src/builtins/builtins-utils.h"
7 7
8 #include "src/compiler.h" 8 #include "src/compiler.h"
9 #include "src/string-builder.h" 9 #include "src/string-builder.h"
10 10
11 namespace v8 { 11 namespace v8 {
12 namespace internal { 12 namespace internal {
13 13
14 namespace { 14 namespace {
15 15
16 bool AllowDynamicFunction(Isolate* isolate, Handle<JSFunction> target,
17 Handle<JSObject> target_global_proxy) {
18 if (FLAG_allow_unsafe_function_constructor) return true;
19 HandleScopeImplementer* impl = isolate->handle_scope_implementer();
20 Handle<Context> responsible_context = impl->LastEnteredContext();
21 if (responsible_context.is_null()) {
22 responsible_context = impl->MicrotaskContext();
23 // TODO(jochen): Remove this.
24 if (responsible_context.is_null()) {
25 return true;
26 }
27 }
28 if (*responsible_context == target->context()) return true;
29 return isolate->MayAccess(responsible_context, target_global_proxy);
30 }
31
32 // ES6 section 19.2.1.1.1 CreateDynamicFunction 16 // ES6 section 19.2.1.1.1 CreateDynamicFunction
33 MaybeHandle<Object> CreateDynamicFunction(Isolate* isolate, 17 MaybeHandle<Object> CreateDynamicFunction(Isolate* isolate,
34 BuiltinArguments args, 18 BuiltinArguments args,
35 const char* token) { 19 const char* token) {
36 // Compute number of arguments, ignoring the receiver. 20 // Compute number of arguments, ignoring the receiver.
37 DCHECK_LE(1, args.length()); 21 DCHECK_LE(1, args.length());
38 int const argc = args.length() - 1; 22 int const argc = args.length() - 1;
39 23
40 Handle<JSFunction> target = args.target<JSFunction>(); 24 Handle<JSFunction> target = args.target<JSFunction>();
41 Handle<JSObject> target_global_proxy(target->global_proxy(), isolate); 25 Handle<JSObject> target_global_proxy(target->global_proxy(), isolate);
42 26
43 if (!AllowDynamicFunction(isolate, target, target_global_proxy)) { 27 if (!Builtins::AllowDynamicFunction(isolate, target, target_global_proxy)) {
44 isolate->CountUsage(v8::Isolate::kFunctionConstructorReturnedUndefined); 28 isolate->CountUsage(v8::Isolate::kFunctionConstructorReturnedUndefined);
45 return isolate->factory()->undefined_value(); 29 return isolate->factory()->undefined_value();
46 } 30 }
47 31
48 // Build the source string. 32 // Build the source string.
49 Handle<String> source; 33 Handle<String> source;
50 { 34 {
51 IncrementalStringBuilder builder(isolate); 35 IncrementalStringBuilder builder(isolate);
52 builder.AppendCharacter('('); 36 builder.AppendCharacter('(');
53 builder.AppendCString(token); 37 builder.AppendCString(token);
(...skipping 250 matching lines...) Expand 10 before | Expand all | Expand 10 after
304 288
305 Node* f = assembler->Parameter(0); 289 Node* f = assembler->Parameter(0);
306 Node* v = assembler->Parameter(1); 290 Node* v = assembler->Parameter(1);
307 Node* context = assembler->Parameter(4); 291 Node* context = assembler->Parameter(4);
308 Node* result = assembler->OrdinaryHasInstance(context, f, v); 292 Node* result = assembler->OrdinaryHasInstance(context, f, v);
309 assembler->Return(result); 293 assembler->Return(result);
310 } 294 }
311 295
312 } // namespace internal 296 } // namespace internal
313 } // namespace v8 297 } // namespace v8
OLDNEW
« no previous file with comments | « src/builtins/builtins.cc ('k') | src/builtins/builtins-global.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698